"Om-Bobs-Man" is the nickname Bob Niemi earned while serving as the
NMLS Ombudsman in 2014 and 2015. Bob is a former Ohio state regulator
and now an expert consultant on NMLS and state regulatory matters.

The 2016 Multi-State Mortgage
Committee (MMC) Report to
State Regulators notes some
surprising findings in mortgage
origination examinations from
the past year for core compliance
with Bank Secrecy Act (
BSA)/Anti-Money Laundering (AML) rules
and and failures of compliance
management systems in general.

Since 2012, non-bank mortgage
companies have been required
to meet BSA/AML compliance.
State mortgage examiners
review BSA/AML compliance
programs for non-bank lenders
and brokers. Five years later,
lenders large and small should
understand the need to address
BSA/AML compliance.

The MMC Report noted multiple
instances of companies failing
to have independent audits
to assess BSA/AML policies,
procedures, and controls.
Examiners noted that companies
failed to provide BSA/AML
training to employees. These two
findings are core breakdowns of
any compliance management
system and not unique to BSA/
AML compliance.

Compliance with BSA/AMLconsiders the risks associated amortgage company’s products,company size and structure,markets served, and more. Eachcompany should have a programtailored to its specific productofferings, geography, and otherrisks. The core pillars of anycompliance management systemare just as critical and includewritten policies and procedures,designated compliance officers,training for employees, andannual review and testing.

While a larger lender will
often use an independent
company to evaluate all of its
compliance efforts, smaller
lenders are required to conduct
a similar compliance review.
The independent review must
be separate of the sales and
production reporting structure
and address any identified
shortcomings in policy, process,
or training. The ownership
and/or management of the
company must also be informed
and understand the process
to evaluate the company’s
compliance efforts.

Failure to provide training for all
employees is a failure of basic
compliance standards . Training
must be conducted for all new
hires and at least annually for
everyone to be compliant. State
examinations gauge BSA/AML
compliance with one simple
question:

When do you file a SAR?

The Suspicious Activity Report
(SAR) is a basic tool of BSA/AML
compliance and a common break
down point for many companies’
training programs. This one
question can demonstrate if
employees know how to red
flag a suspicious transaction.
Employees must recognize
clues when an application or
loan may involve fraud. They
should understand the company
policies for reporting suspicious
activity. Training must cover your
company policy, procedures
for review, and who would file
the SAR. Testing employee
knowledge is key for compliance
management. They should know
how to answer the examiner’s
questions and to whom they
should refer questions for which
they do not have an answer.

Failure to comply with BSA/
AML record keeping and
reporting requirements have
financial penalties and significant
implications on your company.

How does your company
comply beyond examination
and reporting requirements?

Take the time now to identify
compliance gaps and address
training needs before the
examiners call. MCM